developer of game 'Rust' talks about anticheat on linux

TheMightyCat @ani.social 5d ago

It's almost like client side anti cheat doesn't work and if proper server side anti cheat is made it wouldn't matter what platform the client is on.

Eager Eagle @lemmy.world 4d ago
"never trust the client" is pretty much a motto of infosec, idk what the hell game devs expect
- sp3ctr4l @lemmy.dbzer0.com 4d ago
  
  See, the wild thing is that I used to run with some actual hackers in GMod... and... I learned from the exploits that they did, how you actually design at least a game mode script that can't be fucked, can't be poked proded or queried directly.
  Of course, if the actual exploit is lower level than what I'm writing at, well then I'm still fucked...
  I can remember at least one GMod originated, lower level exploit, caused by Garry leaving some direct, unsanitized interface to Steam itself directly exposed via lua... which caused Steam/Valve themselves to step in and rewrite a part of all of Steam, because Garry is s fucking moron, and more or less allowed a virus/malware to propogate through Steam itself, independent of Garry's Mod...
  Never did figure out if any of the goobers I knew had any direct ties to that or not.
  But anyway, fucking yes, literally never trust the client with anything beyond their own GUI, and barely trust them with that, don't just let them click on anything in their screen space to see if its an item they can put in their inventory, do an actual server side vector ray trace, from the item to the playet, make sure the thing they clicked on is actually near them, put that all into a buffer that locks up if they're calling it at inhuman rates...
  It was so easy to item dupe and stat boost and even hijack other players accounts in so many gamemodes I saw.
  Fucking one of them had the user set and enter a login password to 'access' their various characters, pick one to spawn as.
  Problem?
  ... That gamemode was actually doing the id check via SteamID, duh.
  The username/password thing was a fucking phishing scam, that game mode had a forum, everyone used the same user names, a bunch of people got their hotmails or whatever fucked, by the dev of that gamemode.
  ... Anyway... yeah, I learned all this infosec type shit first hand, in an earlier 'FacePunch Studios' production.
  Fuck Garry, fuck FacePunch, these people are idiot clowns.
  Roblox exists now, the GMod roleplay communities independently invented their own ways of monetizing their gamemodes via syncing to their sites and forums with payoal widgets, ya'll missed the boat on that one, no one is going to play S&ndbox in anything close to GMod in its heyday numbers.
- FishFace @piefed.social 4d ago
  And this naïve understanding of infosec somehow makes people forget that this is not infosec, and there is more to anti-cheats than ignoring a client which says its travelling at warp speed.
- Strider @lemmy.world 4d ago
  
  It's not a motto. It's a given must design. (I have work context)
- FlowerFan @piefed.blahaj.zone 3d ago
  The Problem is that that would increase the load on the server as well as make latency-mitigation much harder.
  As with everything, it‘s always a tradeoff.
- Bronzebeard @lemmy.zip 3d ago
  The issue with pure client side is latency. At some point, you need some kind of predictive client side to smooth out the gaps to feel playable, but that also can lead to rubber banding and jumping around.
- 0_o7 @lemmy.dbzer0.com 4d ago
  They're totally different scenarios. How is the server supposed to know if a player has (e.g.) walls disabled and knows where the enemies are?
  Because the client has to know where the enemies are while still hiding it from the player.
  People who have no idea how things work and go off on quotes they see online is why these discussions are useless.
FishFace @piefed.social 4d ago
If your objection to client-side anti-cheat is that it "doesn't work" what till you see what server-side anti-cheat fails to accomplish!
There's no way with a pure server-side implementation to even try to work out whether the client is using an aimbot or wallhack. No solution is perfect, which is why the best solutions try to combine methods.
- りん〜 @sopuli.xyz 4d ago
  
  These people are delusional, don’t listen to them. Their cognitive dissonance drives them to jump through the biggest hoops to defend something that is simply flat-out wrong. You can't beat most cheaters with a server side anti cheat only, unless you do what World of Tanks does and have everything server-sided which isn't feasible for all games. Take CS2 or CS:GO for example. The game is riddled with cheaters, despite getting multiple VAC updates this year.
- x00z @lemmy.world 4d ago
  Why would you even send the location of players behind walls? You can just do the visibility check on the server first. But hey that's extra CPU cycles that they don't want to be spending on helping you.
urandom @lemmy.world 4d ago
I don’t pay multiplayer. That said, what if there is no anticheat? Would that level the playing field? Let everyone aimbot if they want to.
- xep @discuss.online 3d ago
  It will ruin the experience for anyone playing competitively in a ranked mode, which means invalidating that mode entirely. This drives players away from competitive games like CS, Valorant, etc. which is why those games all use anti-cheats.
  Similarly if there is a persistent world or some state that the game relies on to make the game fun for everyone, e.g. extraction shooter, MMORPG, etc then if the game state's integrity is compromised it loses meaning entirely. Imagine playing chess but your opponent can move the pieces any way they like; it stops being a game.
  I do agree that games where everyone agrees on cheating should allow it.
Honytawk @feddit.nl 4d ago
You use both server and client side anti cheat.
Using only one will not work the way it should.
That, or cloud gaming needs to replace it.
- xep @discuss.online 3d ago
  
  All client anti-cheat have server components, otherwise they will be bypassed.

andyburke @fedia.io 5d ago

Get your anticheat code off my fucking cpu and onto your servers where it belongs.

Garbage games do this, simple as.

mycodesucks @lemmy.world 4d ago
Absolutely. You know where all the players are and what they have. Just check if something that the client is reporting is IMPOSSIBLE and kick the player who threw the request. If you have a player who is performing at over a certain level of realistic performance, have someone manually check them to verify they're legitimately that skilled and if so, flag the account as "actually just that good". It's the only reliable solution.
- schnurrito @discuss.tchncs.de 4d ago
  I'm not a gaming dev, but a full-stack web dev; is it not common sense that data needs to be validated on the server side, not client? I don't really get why client-side "anti-cheat" is a thing, but may be missing something.
- FishFace @piefed.social 4d ago
  What performance threshold should that be? 10%? So 140,000 manual checks of CS:GO players? 1% is still 14,000. How are you going to check those people - go to their houses? If they don't let you in just ban them? What about people who install cheats that allow them to perform as well as someone in the top 2% but not top 1%? They have a free ride?
  It's not possible to catch all cheats, but pure server-side cheat detection is basically worthless.
りん〜 @sopuli.xyz 4d ago

Just look how well this went for Valve & CS2... It's riddled with cheaters, despite having multiple updates to VAC over the year. This method only works for games like World of Tanks, where most things are server sided.

oyzmo @lemmy.world 4d ago

So many games that work flawlessly on Linux, so I just skip those that don't:]

krimson @lemmy.world 4d ago
This is the way.
And let people run their own dedicated servers again.
- りん〜 @sopuli.xyz 4d ago
  
  There are community rust servers with EAC disabled (mainly for linux players). I don't know what the fuss is about.
Honytawk @feddit.nl 4d ago
How many of them competitive multiplayer?
- Cus @lemmy.zip 4d ago
  many. Marvel rivals, a bunch of the battlefield games, arma 3, dayz, dead by daylight, halo, hunt showdown, team fortress, war thunder, csgo, deadlock, vail vr most of these games manage to have less rampant cheating than rust while supporting linux at the same time, meanwhile rust claims that only 0.01 percent of players, only 14 people, were linux players and somehow thats causing a serious cheating problem that they cant resolve? anyone can tell how dumb that sounds.....
- M137 @lemmy.world 2d ago
  Very obviously many. But I gotta say my reaction to your reply is just "eeew, I'm so glad I'm not one of those people" (who only play those kinds of games).

arthur @lemmy.zip 4d ago

Server side anti-cheat should be the focus of every game company with an MMO game in their catalog. Relying on kernel access is madness.

TheDemonBuer @lemmy.world 5d ago

If Valve's expanding hardware lineup helps increase SteamOS adoption, they'll change their tune.

Mugita Sokio @lemmy.today 5d ago
I doubt that they will, given the fact that Linux is misrepresented a lot. They use Linux servers, so why not support Linux already?
rumba @lemmy.zip 4d ago
Not a chance.
Overhaul your entire game stack || Blame Linux for being too small
- Laurel Raven @lemmy.zip 3d ago
  Why would they need to overhaul their game stack? Rust would run just fine on Linux if they didn't block it intentionally.

Nibodhika @lemmy.world 4d ago

Let's do some math here, they said:

More cheaters using Linux than legit users (...) .01% of all players base

Let's do a quick math. The maximum peak users for Rust was 259,646 concurrent users according to https://steamcharts.com/app/252490 . Let's assume 60% (more than half) of all the .01% users were cheaters, congratulations, you got rid of all those 16 cheaters... I haven't played much Rust, but I'm fairly confident that there's a bit more than 16 cheaters there.

And that's without getting into the whole client side anti-cheat doesn't work.

Cus @lemmy.zip 4d ago
You dont understand linux users have black magic hacks that ruined the game for every player on every server, their power cant be understated... Theyre a whole bunch of dangerous hardened criminals
- Osan @lemmy.world 3d ago
  I feel like some people think Linux is only for hackers and cybersecurity professionals
- mvirts @lemmy.world 4d ago
  🤣 beware the Linux users
- mojofrododojo @lemmy.world 3d ago
  every single one is a l44t hack3r bro
- InnerScientist @lemmy.world 3d ago
  It was the elite hacker 4chan, they hacked all their servers and stole all their ram.

snooggums @piefed.world 5d ago

I would bet that the claim of more than half of Linux players cheating is false positives due to shitty anti cheat. Like the anti cheat relying on some windows process or trying to initiate some process and linux is structured differently so it fails.

gigachad @sh.itjust.works 4d ago

THE INTEGRITY OF YOUR DEVICE COULD NOT BE VERIFIED

Rob Bos @lemmy.ca 4d ago

So Linux users were 0.01% - one in 10,000 players - and also the main cheating problem?

Some odd math there.

stephen01king @piefed.zip 4d ago
No, he said he saw more cheat users using Linux than legitimate users using Linux. He also said Linux is another vector to cheats, not that its the main one.
- Ghoelian @piefed.social 4d ago
  He said he saw more cheaters than legitimate players on Linux after they stopped support. I mean, no shit?

Blackmist @feddit.uk 3d ago

If your cheat detection runs on the client side only, you don't have cheat protection.

jj4211 @lemmy.world 3d ago
Well, there only so much in gaming that reasonably can be done server side.
Sure, the server could identify that a player shouldn't be visible and not transit that location to a client, addressing seeing through walls, in theory.
But once a player is hypothetically visible, aimbot can happen. If you are crawling in a ghillie suit in the grass, but the other player has a client that skips rendering grass and replaces the ghillie suit model with a suit made of traffic cones...
Now intrusive anti cheat isn't worth it, but it is an unavoidable reality that it is up to the client to preserve the integrity.
Closest you get would be streamed gameplay, where the rendering even is server side. Also not worth it. But even then I could see cheating machine vision and faked controls to get an edge unfairly.
- ObjectivityIncarnate @lemmy.world 3d ago
  replaces the ghillie suit model with a suit made of traffic cones
  lol

Lucy :3 @feddit.org 4d ago

Minecraft is actually a good example.

Server owners pay very little to nothing for anticheat, and cheaters have dozens of extremely elaborate clients to choose from, all interfacing with the very open and moddable game. And still, servers that do give a fuck have basically zero rage cheating. ESP? Sure, but that can be solved as well. But beyond that, everything can and is detected. And that in a game as sandboxy and freedomy as MC. It was designed to have a lot of slack in movement and actions, yet ACs are extremely good.

Cus @lemmy.zip 4d ago
literally when i thought about it for even a few seconds i was like this is some bullshit minecraft has better cheat moderation than rust..... the biggest servers all manage to do so completely adequately and theyre just community servers....
WolfLink @sh.itjust.works 3d ago
One of the biggest Minecraft servers I know of had basically no anti-cheat and just relied on user reports and bans. And it was extremely effective. It was a PvP based server, and I only encountered cheaters in like 0.1% of games, and even then they were usually banned before the match finished.
- ComicalMayhem @lemmy.world 3d ago
  Unfortunately this usually requires a dedicated mod team. For smaller servers it's not much a problem but when that scales up, companies often decide paying for an enormous dedicated mod team to review reports and make bans isn't worth it when there are cheaper (albeit shittier) options.
- PlexSheep @infosec.pub 3d ago
  And then there is 2b2t where everyone cheats as much as possible.
Korhaka @sopuli.xyz 4d ago
Can't you cheat in MC by just removing a pixel in a block to make it transparent?
But I only ever played it coop, so it doesn't really matter.
- Lucy :3 @feddit.org 4d ago
  
  Basically, yes. There are many ways. But:
  An anti-xray plugin is nowadays as common for servers as lithium or essentials. It either removes all important blocks from view, inserts fake blocks (eg. ores) or just makes everything appear as only stone. The middle option can even serve as evidence of a player using xray. For preventing ESP, you can do effectively the same but with players: Hide them and their particles until they're in view, and randomize their sounds' position, so that a client mod does not provide any more advantage than having decent headphones.
  Server-side culling essentially.
- JackbyDev @programming.dev 3d ago
  The game doesn't render blocks that aren't exposed to air. So that trick let's you see caves and some ores, but not most ores.
tazeycrazy @feddit.uk 4d ago
I think the main tool is private self hostable servers. The big public ones have to think about anti cheat (more out of preservation of there own economy) but if you just whant to build with your mates. Have at it.
mudkip @lemdro.id 4d ago
Copius maximus

brax @sh.itjust.works 4d ago

Developer of game 'Rust' talks about ~~anticheat~~ rootkits on Linux

This whole anticheat thing is so stupid. Remember when Sony got sued bigtime for including rootkits on their audio CDs? Why are game developers getting away with it no problem? Society is regressing and it's frustrating to watch.

Phoenixz @lemmy.ca 4d ago
People are never interested in learning from history, they'd rather run face first into that wall.
The abusers typically.did read histor, saw what worked well, what didn't, learned from that to become even better abusers.
This doesn't only apply to games, it applies to politics, celebrities, religious clerks,you name it
- A_Random_Idiot @lemmy.world 4d ago
  People are never interested in learning from history, they’d rather run face first into that wall.
  Just saw a comment in a topic about steam machines about "why do we even need to care about the past, its in the past, it doesnt matter anymore"
  humanity is devolving to a state dumber than the chimp that scratches its ass, sniffs its finger, and falls off the log in shock at the smell.

Gary Ghost @lemmy.world 4d ago

They dropped Linux before proton was invented. Go on any cheat website and the requirements will always say to have windows. Maybe proton is exploited by some cheaters, news to me. You should just ban windows, no more cheaters.

Qwel @sopuli.xyz 4d ago
It's not proton that is exploited. It's the kernel itself that cannot be monitored by anti-cheats, meaning cheaters could install a modified kernel to mess with the anti-cheat
- reksas @sopuli.xyz 4d ago
  as if the cheaters can't already evade anti-cheats even on windows.
- fruitycoder @sh.itjust.works 4d ago
  And that it self is measurable. Never understood the attempt to have total control on byod setups. Its never going to happen lol

yoevli @lemmy.world 4d ago

That .01% number is out of line with the overall share of Steam users in 2018 by literally an order of magnitude. I can understand some deviation within a particular game, but that figure is so far off that I kind of suspect he just made it up on the spot.

arthur @lemmy.zip 4d ago
I think he refers to the amount of Linux users playing their game.
- Damage @feddit.it 4d ago
  Yes, but it's still weird that their audience is so far outside the average proportions

nialv7 @lemmy.world 4d ago

I mean, Linux player base is only .01%, even if they are all cheaters, they will literally have no impact... You can't say "Linux user base is too small", and "if you support Linux you want cheaters" at the same time if you want to make sense.

Frenchgeek @lemmy.ml 4d ago
Yeah, but saying "Our codebase is so terrible Linux keep showing us new bugs we won't fix" or "We can't sell your personal data with Proton" is worse PR...

Paddle0681 @lemmy.world 4d ago

I gave up Rust when I moved to Linux.

They are changing the game from building a cozy PvP Minecraft, to a clan based wargame.

Cozy players, don't cheat, clans do (Not all, of course).

SkyezOpen @lemmy.world 4d ago
Changing? Zergs have run servers since the first day I played almost 10 years ago. Small monuments are war zones the first few days of wipe. I don't think that's changed much since. Rust has never been cozy on any server with a population.
- りん〜 @sopuli.xyz 4d ago
  Rust PVE on community servers is pretty cozy.

Ech @lemmy.ca 4d ago

When we stopped support for Linux, we saw more cheat users exploiting Linux, than actual legitimate users.

Am I reading this wrong? Or is this guy really trying to say the very predictable rise in exploit users on the platform after they stopped patching the exploits is proof that the platform is full of cheaters?

worhui @lemmy.world 4d ago
Yes. It sounds like they removed anti cheat from linux for a spell and watched an uptick in cheater switching platforms. So they weren't willing to support the anticheat, removed it from the game and watched cheaters flock to the platform. I don't think they are saying linux users are cheaters, just that cheater will use linux if vulnerable.
stephen01king @piefed.zip 4d ago
Maybe he meant at the point they stopped support, not after. But its not very clear from the way he worded it.
- Epzillon @lemmy.world 4d ago
  Curious take, Rust has about 137k users online (24h peak via steam charts rn atleast). Dev claims 0.01% of users play on Linux. That's 13-14 players. If even a single person decides to cheat or run Linux to cheat the amount of "cheaters on Linux" would indeed "dramatically increase". But that's a really bad way to tell the narrative.
  I don't really care, i haven't played rust in years and as others mentioned there's way to much games i can play instead. Ive been playing a lot of The Finals recently and I've had a blast. They have Proton support and anti-cheat and atleast publicly say that they do want to continue supporting Linux.
  If not supporting Linux is a business/economical decision just say so. This is a really bad way to discuss the situation and an attempt to frame linux players as cheaters. If you have 14 players total on Linux out of a total 100k then they most likely aren't the problem.

ashughes @feddit.uk 4d ago

I’d imagine people on Linux who want to play Rust would be more than happy to shell out $15 and go through the little effort it is to download DLC so they can play on a Premium server when the other option is to shell out $140 for a Windows 11 license and go through the effort of installing that spyware trash to their PC.

On the other hand, Alistair clearly doesn’t want your money so maybe stop trying to give it to him.

Cus @lemmy.zip 4d ago

i didnt plan to anyway lol and i dont think people should bother, rust is not a game worth the extra money or even worth the time in general...... and its damn well not worth a windows install, and i say that as someone who alrdy has one just in case on my system, i wouldnt even choose to boot up windows to play rust......

rozodru @pie.andmc.ca 4d ago

mentioning EA games like Apex Legends removing support is laughable. Sure Alistair, ALL those EA games ALL decided around fall of 2024 to ditch support for Linux/Proton. All at the Same time. Not because EA has a deal with Microsoft/Game Pass and NOT because a few months later Microsoft announced their own Handheld with Asus. Just like Riot.

So Alistair how long until Rust is announced for Gamepass with all DLC included?

Redex @lemmy.world 4d ago
That's a bit tinfoil-hatty. EA is a big company and these types of decisions typically come from the top, and if it was decided that they don't want to bother with Linux, because, let's be fair, they don't really have that much of an incentive, the profits they get from Linux is probably worth less than the headache of supporting another platform, then they most probably decided to apply that to the whole company, not just a single game.

zaki_ft @lemmings.world 3d ago

Skill issue.

BlameTheAntifa @lemmy.world 4d ago

Who could have imagined that the people who create toxic PvP games are as toxic as the people who play them?

mavu @discuss.tchncs.de 4d ago

Fair point. Means I'm not going to play the game, but that's fine too.

Curious to see though if the Valve Frame/Gabe Cube changes things.

termaxima @slrpnk.net 4d ago

This is actually one of the absolute worst trade-offs they could have made, if you think about it for like 2 minutes :

They said 0.1% of players were on Linux.

Even if they were ALL cheaters, that's still a tiny amount of cheaters you just "banned"

Almost 100% of whom will just cheat on Windows instead ; whereas all the legitimate Linux players will loudly complain forever.

They decided to sacrifice all the free PR from one of the most vocal groups of players out there, in order to get a ~ 0% reduction in the number of cheaters.

In more simple terms, they just shot themselves in the foot for no benefit whatsoever (though I do grant it's a relatively small "gun")

Bongles @lemmy.zip 4d ago
Not only that, but the steam deck exists, the gabecube is coming, Linux gaming has been on the rise. The shit you did "several years ago" is irrelevant. If they allowed Proton, windows players with steam decks can now also play on the go. Instead they repeatedly have to poorly explain why they won't.. to stop basically 0 cheaters. I'd be willing to bet that the only people who actually stopped cheating in rust when Linux support was dropped did so because they lost interest anyway.
I searched just to see, there's a python script right on github that claims to have an aimbot, esp, wallhack, no recoil and several other features, along with "safety settings" so you don't get caught. Does it work? I don't know, but the codes right there to look at and there are dozens of other results in the search.
- aphonefriend @lemmy.dbzer0.com 4d ago
  The Gabecube. Thank you for that. Totally stealing it.
Cus @lemmy.zip 4d ago
they actually said 0.01 which is literally only 14 players compared to the average player base..... they shot themselves in the foot to fuck with 14 ppl lmfao even though it's unlikely the number is that small its likely just them exaggerating to make it seem like less people are affected
- Buffy @libretechni.ca 4d ago
  I also highly doubt their statement that more users were cheating under Linux than not. I'd like to see how they came to this conclusion. And if it's so easy to identify who was cheating, why not just ban them if it's .01 players? That's like 7 or 8 bans. An insignificant amount of effort would go a long way here.
  Remember when Apex banned Linux during a cheating low, and then cheaters started trending upward AFTER the ban? Pepperidge Farm remembers.

Lettuce eat lettuce @lemmy.ml 4d ago

I will be so happy when the era of client-side anticheat is over. I think it will happen eventually, especially now that Valve is releasing the new Steam Machine and has been so successful with Proton-based gaming lately.

Plus, Windows getting so much worse and the zero days and exploits of these kernel-level anticheats will put pressure on the devs to move away from them imo.

Cus @lemmy.zip 4d ago

yea i think its a matter of time linux is very quickly becoming the operating system of enthusiasts not in spite of gaming but for gaming too. Some older games dont even run properly on windows
But for people with older pcs priced out of the market who are still very heavy gamers they will naturally trend toward debloated windows variants and linux, and with the speed linux has grown in even just the last year its pretty likely itll be more close in market share to macos sooner rather than later. and more of the people who leave windows go to linux vs mac based on stats available so its in some good standing right now.
i talk to many regular people about linux and many seem completely open to switch tbf these are more educated people in school though and one does programming but i think majority of people would be open to running something like a debian or ubuntu and even something more complex with the right applications to support daily usage
on the enthusiast note for example, if you want the best vr performance on your index or vive or other wired headsets your best performance will be running monado on linux using openvr translation, thats just reality, steamvr is pretty ass. And many alternative softwares for gaming like wivrn are completely free and available to everyone instead of charging for similar windows software, gamers use linux and they make sure its a relatively good experience

dhhyfddehhfyy4673 @fedia.io 4d ago

Glad I never gave this cunt any money.

りん〜 @sopuli.xyz 4d ago
His argument is valid, wdym?
- dustyData @lemmy.world 4d ago
  
  It isn't. Cheating is a game culture problem, not a technical problem. Just to counter example. Rust is filled with cheaters precisely because they haven't done everything they can to fix cheating. They are culturally fixated in a single lane thinking. As a result, they're flooded with cheaters (plenty on Windows) who exploit their inflexible strategies. This is top Flanders "we haven't done anything and we are all out of ideas". Linux is not the source of cheating on Rust either, but he's arguing as if it is. He is lazy. That's not bad on itself, but he is also disingenuous and is arguing in bad faith.
  Make server side anti cheat and suddenly what OS the player is running becomes irrelevant.
  Edit: another contradiction in their argument. Linux was less than 0.1% of the Rust user base. But, Linux was also the biggest source of cheating? How? It is just a disingenuous and dumb argument made to spite Linux out of hatred. It has no basis in reality.
- youmaynotknow @lemmy.zip 4d ago
  Fucking trolls, seriously.
- Korhaka @sopuli.xyz 4d ago
  No it isn't, I can't even be bothered to read it.
- SleepyPie @lemmy.world 4d ago
  You’re getting downvoted because the truth hurts. Most people are here are not devs on competitive games clearly. What sane developer would multiply their anticheat costs for .01% player growth?
  It’s a network effect issue. More people need to game on Linux before it’s relevant enough to support for competitive multiplayer games. Same reason why Riot dropped it.

Galactose @sopuli.xyz 3d ago

Well the garbage takes itself out

muusemuuse @sh.itjust.works 4d ago

Explain something to me. It’s a multiplayer game anything that affects all players should be handled on the server side, not the client. So if I make a cheat it can only be installed client side, not server side.

So if my hypothetical cheat looks at object placement and any time I sees a small object approaching at a high velocity it can say “I’m going to assume that’s a bullet based on what the server told me about it.” Then my cheat would say “your character moves from here to here until the bullet passes by, then moves back. I will tell the server you moved to the left 20 inches in the blink of an eye then moved back”

This works because the server just trusts what it’s told in this example.

So there are two options here to resolve this. Either the server sets thresholds and denies any placement changes look like the Flash is playing rust, or the server evaluates suspicious placement changes later when the cpu load it’s under is lower. The first approach stops much of this instantly but is computationally expensive and could not scale well for lots of players. The second would work well enough. You need to catch cheaters but it’s doesn’t have to be within the same exact cpu cycle.

In either case, these work because the server is taught to look for something that shouldn’t be possible. The enforcement happens server side. The client doesn’t fucking matter.

There is zero reason to put anti cheat on the client side when it’s not a P2P instance. Target a few servers, not thousands of players.

Nibodhika @lemmy.world 4d ago
Your head is in the right place, but your example is very wrong. First, unless it's a very slow projectile that's not how bullets work in games, second movement takes place in the server, to do so in the client is nuts. Client sends inputs, sever moves, gives back player location, client adapts. While waiting for a reply the client simulates the movement expected, but sometimes the server doesn't receive the package and so tells you you haven't actually moved and you teleport back.
What's usually not done is calculate vision cone, instead the server gives you everyone's position and you calculate whether you can see them on your GPU. Which is why if you can get access to the GPU pipeline you can tweak it so it shows you objects through walls. If you move the LoS calculation to the server you completely eliminate wallhacks, however that is very expensive to do (although ray tracing GPUs might provide a good approach in the future)
- WolfLink @sh.itjust.works 3d ago
  second movement takes place in the server, to do so in the client is nuts.
  For the vast majority of games, it’s in between, because the latency if you waited for the server every frame you moved would be way too much.
  It’s something like you have a local model of where everything is, and send updates to the server of where your local model says your character (and whatever else your inputs affect) are. The server receives that data, potentially validates it (server side anti cheat checking that your movement makes sense, similar to the OP post, for example), and then forwards that info to all players. The client side positions of everything are updated based on that info. Usually some interpolation is added to make things move more smoothly.
- muusemuuse @sh.itjust.works 3d ago
  Yes I meant movement happens server side, which is why this example cheat couldnt work. it would be telling the server what to do, and the server could always say "no, fuck off, thats not something you were coded to be able to do". Sorry if I didnt convey that clearly.
  I also understand the client has to draw things faster than the server can respond "okay, I moved you 12 inches to the left" so it guesses the outcome and if the server later responds with "denied, no teleportation in rust" it will just snap you back to the last position the server approved of.
  My point is anticheat client side suggests bad code server side.
Dr. Moose @lemmy.world 3d ago
The client side anti cheat is a low effort hack that was good enough. Video game anti cheat devs are cheap as fuck because looking at client bits cost nothing compared to expensive machine learning pipelines that need to analyze all player performance. This is not a tech problem but a product/skill one.
- Echo Dot @feddit.uk 3d ago
  You don't need machine learning for this we've had perfectly good server-side anti-cheat for a while now and none of it's been AI-based until recently. If we know the top speed the game should allow players to move any movement greater than that speed must be a cheat or lag, either way it shouldn't be allowed.

Wispy2891 @lemmy.world 3d ago

On Windows the cheating program it's a simple exe that will get kernel access with a simple uac request.

Everyone, especially 12 years olds, are able to run it. (And maybe get malware/ransomware disguised as a cheating program)

None of the losers that need a cheating program to feel validated in online multiplayer games will have the skills to recompile the kernel in Linux to add support for that

mojofrododojo @lemmy.world 3d ago
None of the losers that need a cheating program to feel validated in online multiplayer games will have the skills to recompile the kernel in Linux to add support for that
aha! so you admit, IT'S POSSIBLE! Well aren't we lucky we have microshoft who won't let anyone recompile their colonels! shows you mr silly yunix!
;D

demizerone @lemmy.world 3d ago

I don't play games that require anti-cheat. Simple as that. If a game is full of cheaters, I don't play those games either. I am not going to have a windows installation just to play games. I am not going to have a console that only plays games. I am a simple man, if it supports Linux and doesn't have anti-cheat I play. But also I don't have friends so...

Dr. Moose @lemmy.world 3d ago

Hardware level cheat detection has always been a losing game. I'm a professional in similar area (not games) but it's fundamentally impossible to do when you dont control physical hardware, it's stupid. The only way to detect cheaters is machine learning based behavior analysis, period.

TL;DR: skill issue

Taldan @lemmy.world 3d ago
The only way to detect cheaters is machine learning based behavior analysis, period
Either the entire game industry is incompetent, or you're wrong. Machine learning is a powerful tool, but the only way? No chance.
- Shanmugha @lemmy.world 3d ago
  Entire game industry is incompetent as in "willfully not doing the best as long as it keeps selling, or not having resources to do it anyway". I can believe that
- Dr. Moose @lemmy.world 2d ago
  
  Yes they are willingly incompetent because kernel anti cheat costs nothing while ML pipelines would cost thousands if not millions usd in compute and engineering every year.
  Luckily now with AI boom it brought down many machine learning costs significantly as well so we'll see much more server side anti cheat.

Damage @feddit.it 4d ago

Fair. There are other games I can play on Linux,.

tabular @lemmy.world 4d ago

If Linux gamers are not worth his time as we are so few then maybe this singular person's comments are not worth our time over and over.

I hope for more than merely support for a freer OS. I want the whole video games industry to move away from a proprietary model to software freedom - where demand for support is not dependant on the original dev.

Cus @lemmy.zip 4d ago
well yea idc i wasnt gonna play rust anyway i just posted since i saw it was being talked about and thought it might have some fun reactions about how stupid it is
- tabular @lemmy.world 4d ago
  I'm gonna make my own Rust, blackjack and h-.. A better blackjack.

Jaysyn @lemmy.world 4d ago

TBF, you'd have to pay me to play most of these "anti-cheat" games anyhow.

bitjunkie @lemmy.world 4d ago
BF6 is pretty great honestly
- nekbardrun @lemmy.world 4d ago
  But I think you still would have to pay him if you want him playng BF6.
  I can't speak with 100% accuracy. I just have something that tells me so.

Lumisal @lemmy.world 4d ago

It's not even real Rust unless it's coded in the real Rust language of Rustlandia.

Otherwise it's just sparkling oxidation

Mikina @programming.dev 4d ago

one that would be poorly maintained by both us and EAC due to the low user base.

I'm sure I've been playing a lot of games with EAC, because it's actually one of the few ones that support Linux.

If I'm not mistaken (judging entirely by the RAC popup/loading), from the games I'm playing, Hell Let Loose, Fellowship, Helldivers 2, I think even The Finals used it.

Hell Let Loose wasn't working at first, because you have to check a checkbox and enable Linux support when building, which did take them a while.

So, unless I'm misremembering/confusing it with another anticheat, this is bullshit.

Also "unless you have an in-house anti-cheat team"

You made millions out of your player base. You can afford it. You're just lazy.

Cus @lemmy.zip 4d ago
yea thats one of the funniest parts like oh so your game that makes tons of money and has rampant cheating doesnt have any team dedicated to the issue? that explains a lot!
HorreC @lemmy.world 4d ago
You can set the EAC flag in lutris and have it run on proton just fine. That is how all of the star citizen players do it. Its the new ones that need BIOS level stuff that I dont think will ever jive with linux unless they build a lib and make it for them.

Prove_your_argument @piefed.social 5d ago

This guy is from the UK and former military. I think there must be some kind of weird haywire thing where the military experience made him irrationally upset about people who do not follow rigid rules and structure or something.

No doubt he spends most nights stalking cheater forums and dreaming about the day he finally wins his war lol

corsicanguppy @lemmy.ca 4d ago
Stereotypes are so edgy.
- pix_wbmr @feddit.org 4d ago
  But often true
Cus @lemmy.zip 4d ago
i think its moreso the people most likely to go into military already tend to be more narcissistic people willing to kill others or easily convinced of extreme things like that for ego. Though the service can only really worsen those issues for most people. I also dont think he stays up at night like that lol i think he just hardly really gives a fuck cuz hes convinced he couldnt be going about it wrong despite him openly admitting other groups manage to and he just convinces himself its impossible with his team when every large server has their own moderation staff and can make use of tools if given them. His whole comment is so silly.

chemicalprophet @slrpnk.net 3d ago

People who play games to cheat are the problem with the world. Born losers.

mlg @lemmy.world 4d ago

This is the same BS CrowdStrike uses to sell their rootkit EDR. I mean, by all means it is a very solid EDR, but it's being used exclusively to cover gaping holes in discrete security as a cop out for not properly composing enterprise infrastructure.

A kernel space agent should only really be running in an environment where every process must be heavily scrutinized and the design of the kernel module is tightly controlled and itself under constant review, like in a proper data center with thousands of critical nodes. Not your laptop or the shitty windows box used to display ads in the screens at the airport.

Crowdstrike keeps spamming new features and techniques without serious consideration to keep their enterprise customers happy, similar to crappy solutions like Vanguard.

Covering obvious blatant logic flaws should be included in your server software, it's the same as sanity checking your inputs because there is always the possibility in may not match what you expect.

From that experience, I'm very comfortable saying that if a game supports Proton or Linux, they're not serious about anti-cheat

This statement is especially insulting to the massive library of games that successfully added Linux support without so much as a hint of issue relating to cheating. Even crappy outsourced dev War Thunder doesn't need to do anything after enabling EAC/BattilEye because they actually spend the .000001% extra cash from their whale revenue to run a service moderation team.

Hell even Valve's VAC system is mostly just about automating moderation tasks so that hackers can be taken down ASAP instead of a lengthy review process.

Or you know, the thousands of games that have better game logic than Rust's anticheat.

CorneliusTalmadge @lemmy.world 4d ago

Image Text:

From linux_gaming community on Reddit

Posted by: Alistair_Mc

There are no plans to support Proton or Linux. It's a vector for cheat developers, and one that would be poorly maintained by both us and EAC due to the low user base. When we stopped support for Linux, we saw more cheat users exploiting Linux, than actual legitimate users.

When monitoring cheats for Rust, we keep a close eye on wider cheat communities across several major games. We look at what cheat developers are doing, and how other studios are responding.

From that experience, I'm very comfortable saying that if a game supports Proton or Linux, they're not serious about anti-cheat. The only exception would be if they have a fully mature, dedicated in-house anti-cheat team, even then, I'm not seeing anyone handle Proton and Linux well.

Apex Legends also dropped Proton support in October 2024 for the same reasons as we did several years ago.

Could we limit Proton to Premium servers? yes, but I think it's total bullshit asking Proton users to buy the game and then $15 worth of DLC. I'd be pissed if I were forced to do that.

When we stopped supporting Linux, users made up less than .01% of the total player base, even if that number has doubled, or tripled, it's not worth it.

I know that every time I post something like this, some Proton and Linux users call us lazy or dismissive. The reality is that fighting cheaters on one front (Windows), is already a never-ending battle. Adding more fronts multiplies that challenge without adding meaningful benefit to the wider player base.

yoevli @lemmy.world 4d ago

Laurel Raven @lemmy.zip 3d ago

They're on that lie still?

Cool, cool. I've got plenty of games to choose from to care about lazy lying assholes who can't be bothered to come up with a better excuse than that for why they irrationally hate Linux

Echo Dot @feddit.uk 3d ago
Is there any way with steam to verify those player numbers because 0.01% seems very low. Market share is about 3% so I would expect numbers more in line with that. Obviously it's not going to be a one-to-one match up but two orders of magnitude different than from the expected number.
- dracc @discuss.tchncs.de 3d ago
  Rust became unplayable on Linux a good few years before the Steam Deck-induced Linux boom. Back then the Linux share was still counted in tenths of a percent, if that.
- ragas @lemmy.ml 3d ago
  If you actively prevent your players from using Linux, your Linux player numbers will be very low.

GreenBottles @lemmy.world 4d ago

Rust is a shit game with a terrible community and rampant cheating.

FatVegan @leminal.space 4d ago
I'd say rust is a great game with the worst community and therefore riddled with cheaters and unplayable.
I think the game is pretty fun, but it heavily relies on the people who play it. To me it's impossible to play. Rust players are usually 15 hours a day online. If you play on eu servers, good luck playing against mostly russians who have nothing going on in their lives than being assholes online.
- bitjunkie @lemmy.world 4d ago
  I haven't played in years but even then running your own server was the way to go
Asidonhopo @lemmy.world 4d ago
The terrible community is an important gameplay mechanic of Rust
- SleeplessCityLights @programming.dev 4d ago
  You are not wrong.

mcv @lemmy.zip 3d ago

Never heard of Rust, but it sounds like something I can afford to ignore.

OS shouldn't even matter to prevent cheating; do your anticheat validation server side. Anyone who knows anything about security knows the client side can never be trusted.

Sv443 @sh.itjust.works 3d ago
Ultra toxic survival game where you build a base, get raided by 4 guys with rocket launchers and bombs while yelling slurs at you. Then rinse and repeat.
- Laser @feddit.org 3d ago
  Yeah Rust is super toxic indeed, bit I think that's part of the appeal
- balance8873 @lemmy.myserv.one 3d ago
  Did you ever try getting gud?
grrgyle @slrpnk.net 3d ago
I thought that was the trans crab programming language

thethunderwolf @lemmy.dbzer0.com 3d ago

even most popular Minecraft servers have better functioning anti cheat that is completely server side

Why isn't this the standard everywhere? These servers prove that server side anticheat works.

AAA @feddit.org 3d ago
It is. All games have this kind of server side verification which denies not allowed actions. The difference is in Minecraft it comes down to "no, you cannot fly, or" no, you cannot build a pig spawner because you don't have one in you inventory". But in Counter Strike you need to decide if one player's 14ms headsbot is legit, while some other player's 20ms kill was not. Or if someone was acting on information they shouldn't have (radar and wall hacks). That's orders of magnitudes harder.
Generally speaking, the slower a game, and the less hand eye coordination are necessary, the easier is server side cheat detection. On the other side, there's chess...
- Nibodhika @lemmy.world 3d ago
  Well, yes, but, let me counter with this:
  You can completely remove wall hacks from the equation by doing some FoV calculations in the server, this completely solves that issue, there's no client side hack that would be able to show you enemies behind the wall because the server isn't sending them to you.
  And to the other point, if the 20ms kill is bad but the 14ms kill is good, there's space to argue that the cheater is worse than the players so you don't really need anti-cheat so solve that, Skill based matchmaking takes care of that for you, he would eventually be placed with people who are better than him even with hacks.
  Sure, server side anti-cheat can't capture everything, but neither can client side, but server side anti-cheat can make it so that your client side cheats are pointless, because they can't make you better than everyone, you have to remain averageish, and if you're consistently above average skill based matchmaking will bump you up and up until you're going to lose even with cheats or you will be playing against other people with the same cheats as you.
- Echo Dot @feddit.uk 3d ago
  I've said this before about wall hacks. The only reason they are possible is because the positions of all players are being sent to the client and then the client just doesn't draw them to screen. It would be extremely easy to simply not send the data for players you shouldn't be able to legitimately see.
- thethunderwolf @lemmy.dbzer0.com 3d ago
  True
Echo Dot @feddit.uk 3d ago
Because they've been forced to implement server-side anti-cheat because they can't implement it into the game because they don't control the game and mojang don't seem interested in adding much in the way of anti-cheat to Minecraft.
These other companies actually control the games they're running the servers for, so they can go the simple route and put kernel level anti-cheat in the game, and then call it a day. Corporations will always take the easy cheap option, even if it's not very good.

fodor @lemmy.zip 3d ago

The garbage took itself out.

y0kai @lemmy.dbzer0.com 5d ago

I have literally never played a game and encountered an obvious cheater and if I did, I think I'd just change servers. Is this really such a huge problem and if so, what are its consequences beyond maybe being annoyed for 5 minutes?

otacon239 @lemmy.world 5d ago

Some people take their game worlds entirely too seriously. I find far too many in the competitive gaming scene treat video game accomplishments/loot/losses on the same level as real-world ones.
scutiger @lemmy.world 4d ago
Some games, like Tarkov, are plagued with cheaters, but Linux plays no part in any of it.
- Zirconium @lemmy.world 4d ago
  First time I went into labs I encountered a cheater, that's when I learned to not play tarkov. Especially solo good lord
warm @kbin.earth 5d ago
I've come across many, is it annoying? Sure. Is it the end of the world? No. You just leave the lobby/server and go in a fresh one.
No cheating is bad enough to justify a rootkit.
I've also been called a cheater a lot and they always sound very convinced even though they have no idea at all. I imagine these are the same people constantly complaining about cheating.
null @piefed.nullspace.lol 5d ago
Hundreds of hours in Marvel Rivals and I've also never encountered anyone I was sure was a cheater. Nor have any of the friends I play with, and I've never had anyone on voice tell me about encountering a cheater.
I've definitely had a handful of matches cancel with an alert that a cheater was detected though.
Maybe I'm lucky. Maybe kernel-level anti-cheat is a farce.

DupaCycki @lemmy.world 4d ago

This is what happens when your game is exclusively a commercial product and not a creative work. This exact logic is why accessibility features are being implemented sparsly and slowly.

If all he cares about is money, let's just not give it to him. There's thousands of better games, more worth our time and money.

jrgd @lemmy.zip 4d ago

Referencing my comment in the other thread, Facepunch employees keep being disingenuous about this claim. Even if it is true, due to how unplayable Facepunch made the Linux build a short while before they axed it for "a rampant cheating problem", this claim does not have enough evidence. The linked comment goes into some more detail, but it is insane how much the developers keep doubling down on their disinformation.

Taldan @lemmy.world 3d ago

I tried Rust, but quit quickly due to the extreme levels of racism and open Nazis. Maybe they should address some core issues of the game before blaming Linux for their problems?

Also, how was their playerbase only 0.01% Linux? Was their game terrible on Linux? Why did it have hundreds of time less players than other platforms

Cus @lemmy.zip 3d ago
well they dont see that part as a problem because the apple doesn't fall far from the tree

youmaynotknow @lemmy.zip 3d ago

Does the anti-cheat break the game on Linux? Not buying the game. I don't need that kind of crap in my life.

warm @kbin.earth 5d ago

What a clown ahahha

rapchee @lemmy.world 3d ago

i wonder if this guy heard about counter strike...

brachiosaurus @mander.xyz 4d ago

don't play this shit

Cus @lemmy.zip 4d ago
didn't plan to lol

Asidonhopo @lemmy.world 4d ago

That week I played Rust on Linux before they dropped support was pretty fun

Cus @lemmy.zip 4d ago
LOL

JackbyDev @programming.dev 3d ago

I think Helldivers 2 uses EAC and it works on Proton just fine.

Bruhh @lemmy.world 3d ago
Helldivers uses nProtect not EAC but yes, EAC in general is compatible with Proton. The Finals use to run EAC for the longest and Arc Raiders currently uses it and both those games run well.
- JackbyDev @programming.dev 3d ago
  Does Deep Rock Galactic or maybe Marvel Rivals use EAC? I could've sworn I've seen pop-ups mention it and those are the three games I've played on Linux. But also, memories are bad, constructed memories happen, yadda yadda.

CovfefeKills @lemmy.world 4d ago

Isn't the real issue the PCIe bus being undetectable-y intercept-able with devices that sit between the gpu and cpu?

Cus @lemmy.zip 4d ago

correct that is where majority of cheats are, because as they dig deeper with anticheat backdoors it pushed people to take advantage of shit like injecting the data directly into the pcie bus untraceably, and the ways to catch that have all been unshockingly server side......

LaLuzDelSol @lemmy.world 4d ago

I feel like the 0.01% is either a mistake or an exaggeration? Isn't Linux something like 1-2% of the gamer base depending on how you measure it? Why would a Linux supported hard-core game be 100x less than that?

Vikthor @piefed.world 4d ago

No 0.01% was quite possibly the actual number at the time. What he didn't tell is that by the time they stopped the Linux port it was in an abysmal state after months or years of neglect. Poor performance at best, up to outright not working, depending on your hardware.
Credibly_Human @lemmy.world 3d ago
Its a clue in to why their argument is in bad faith.
Their game was never supported strongly enough to actually encourage people on linux to trust it.
Cus @lemmy.zip 4d ago
its one or the other yea lol

Eh-I @lemmy.world 3d ago

This is the Garry's Mod dude?

HarryKrischner @chaos.social 3d ago

@Jumpropegazing
they are loosing the battle against Cheaters on the windows user side, don't make them loose the battle on the Linux side aswell 🤣

mojofrododojo @lemmy.world 3d ago
loose
not tight or constricting;
lose
THE WORD YOUR LOOKING FOR. to fail, to be defeated, etc.,
sorry, this is just one I keep seeing more and more and it's driving me absolutely bonkers
- HarryKrischner @chaos.social 3d ago
  @mojofrododojo
  thank you 👍 i appreciate the correction

SamuraiBeandog @lemmy.world 4d ago

These comments are a real Dunning-Kruger festival.

_‌_反いじめ戦隊 @ani.social 4d ago
In fashit, or here?
Cus @lemmy.zip 4d ago
explain
- Honytawk @feddit.nl 4d ago
  Peoples understanding of game development, especially competitive gaming, seem to be lacking with Linux users.
  Probably because none of them are able to play them because of anti-cheat.

ABetterTomorrow @sh.itjust.works 4d ago

Not sure what to believe here due to I haven’t gamed in years. What’s everyone take on this? Educate me.

mudkip @lemdro.id 4d ago

Linux is gay anyway I'd rather have mac support

rarbg @lemmy.zip 4d ago
c/lostlemmyers
- mudkip @lemdro.id 3d ago
  Lemmings
GreenKnight23 @lemmy.world 4d ago
removed you're just jealous because Linux is
Cus @lemmy.zip 4d ago
( -_•)▄︻テحكـ━一💥
Jankatarch @lemmy.world 4d ago
Sometimes it's Trans also.

developer of game 'Rust' talks about anticheat on linux

Comments

283 Comments